Month: July 2017
Courtesy of: Brian Krebs from KrebsonSecurity June 27, 2017
A new strain of ransomware dubbed “Petya” wormed its way around the world with alarming speed. The malware spread using a vulnerability in Microsoft Windows that the software giant patched in March 2017—the same bug that was exploited by the recent and prolific WannaCry ransomware strain.
According to multiple news reports, Ukraine appears to have been among the hardest hit by Petya. The country’s government, some domestic banks and large power companies all warned that they were dealing with fallout from Petya infections.
Danish transport and energy firm Maersk confirmed in a statement on its Web site that their IT systems were down across multiple sites and business units and Russian energy giant Rosneft said on Twitter that it was facing a “powerful hacker attack.” However, neither company referenced ransomware or Petya.
Security firm Symantec confirmed that Petya used the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers.
Microsoft released a patch for the Eternal Blue exploit in March but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. U.S. intelligence agencies assess with medium confidence that WannaCry was the work of North Korean hackers. Organizations and individuals who have not yet applied the Windows update for the Eternal Blue exploit should patch now.
Petya primarily impacted organizations in Europe, however the malware started to show up in the United States. Legal Week reported that global law firm DLA Piper experienced issues with its systems in the U.S. as a result of the outbreak.
Through its twitter account, the Ukrainian Cyber Police said the attack appeared to have been seeded through a software update mechanism built into M.E.Doc, an accounting program that companies working with the Ukranian government need to use.
Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appeared to have been well engineered to be destructive while masquerading as a ransomware strain. He noted that Petya’s ransom note included the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim. He also noted that Petya urged victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.
Ransomware encrypts important documents and files on infected computers and then demands a ransom (usually in Bitcoin) for a digital key needed to unlock the files. With most ransomware strains, victims who do not have recent backups of their files are faced with a decision to either pay the ransom or kiss their files goodbye.
Ransomware attacks like Petya have become such a common pestilence that many companies are now reportedly stockpiling Bitcoin in case they need to quickly unlock files that are being held hostage by ransomware. Security experts warn that Petya and other ransomware strains will continue to proliferate as long as companies delay patching and fail to develop a robust response plan for dealing with ransomware infestations.
According to ISACA, a nonprofit that advocates for professionals involved in information security, assurance, risk management and governance, 62 percent of organizations surveyed recently reported experiencing ransomware in 2016, but only 53 percent said they had a formal process in place to address it.
On a personal level, cybercriminals look for credit card numbers and bank account information, but at the business level, they’re seeking access to your company and network resources including assets, business applications and sensitive information.
Reducing your vulnerability to virus attacks means you have to take the time to determine how your company’s computer usage, habits and types of software installed, might expose it to a virus, or worse, ransomware. In the long run, your company will benefit from taking the time to safeguard your network by working with computer experts that regularly install security patches and updates to significantly reduce your risk of viral attack.
Habits that can increase risk of vulnerability:
- Using Adobe Reader/Acrobat with default settings;
- Assuming your antivirus provides 100% protection;
- Not applying security patches for ALL programs;
- Not reading through your end user license agreement (EULA) before clicking “I Accept”; and
- Not taking proper precautions when using wireless Internet
Your software is a valuable target for five reasons:
- It’s flawed.
- Software vendors can hardly keep up with the way cyber criminals exploit vulnerabilities in their products.
- It’s used by millions.
- It gives hackers access to your computer in minutes.
- You’re sometimes careless when using the Internet. (We’ve all been there.)
As the primary operating platform used by PCs, Windows, no matter which version, needs to be kept updated with all available system and security patches from Microsoft. Your computer expert third-party vendor can set updates to automatically install.
The global WannaCry ransomware attack that hit unpatched Windows systems in May and spread rapidly around the world over the course of several hours did prompt Microsoft to issue a security update for its retired Windows XP system, a fix that also blocked last week’s Petya worm. However, regular updates are not expected because according to Microsoft, the decision to release updates for Windows XP was an exception based on threat risks and the potential impact to its customers. The company recommends that customers upgrade to the latest version of Windows.
As the years go on, finding programs for the outdated system (first introduced back in 2001) will be difficult, as most companies stopped developing software for Windows XP years ago.
For example, Mozilla Firefox is one of the few major web browsers that still support Windows XP, although the company says it will provide Firefox security updates only until September. If you want to keep using a Windows XP machine on the internet, third-party security software may be the only shield you have left from online threats.
At ITG, we help you avoid network breaches by providing your business with a comprehensive network security audit that outlines potential vulnerabilities. Our approach is to provide your company with a list of potential security threats, provide remediation efforts and prevent any addressed security risks. We have the computer and network security expertise to help you plan, install, optimize and manage the complex network infrastructure that enables your critical business applications.
Keep your network safe! Contact us today for more information at email@example.com or call 518.479.3881.
Technology Bits By PUI-WING TAM JULY 7, 2017
The aftermath of a cyberattack is not pretty.
So writes Nicole Perlroth, a cybersecurity reporter for The New York Times, who chronicles in detail the fallout from last month’s cyberattack that hit Ukraine, Europe and multinational companies.
For many of those companies, the toll has been severe and continuing. Mondelez International, a food and beverage company, saw some its factories grind to a halt after the attack stopped thousands of its servers and computers, Nicole found. At the global law firm DLA Piper, which was affected, computer systems are still coming back online. And one company, Reckitt Benckiser, which makes Lysol spray, had to lower its sales forecast because of the attack’s impact on its supply chain.
At the same time, reports of other cyberattacks against companies are emerging. Wolf Creek Nuclear Operating Corporation was targeted by hackers who have been trying to penetrate companies that supervise and run nuclear power stations and other energy facilities, Nicole writes. The nature of these hacking attempts has spurred an urgent joint report from the Department of Homeland Security and the Federal Bureau of Investigation.
A traveler warning by the FBI’s Internet Crime Complaint Center highlights the fact that travelers must safeguard sensitive data wherever they go – both foreign and domestic.
The FBI warning indicates that there have been multiple instances where travelers’ computers are infected with malicious software while using their hotel Internet connections!
While hotel connections seem to be particularly risky, from a data-security standpoint all travel is inherently risky because the likelihood of sensitive private and corporate data being compromised or stolen increases the minute a person takes their devices outside their normal secure networks.
See this personal checklist for computer safety guidelines while traveling.
Before you go
If you’re traveling for business, consider traveling with a sanitized, virus-free, fully updated loaner laptop with minimal software instead of your own fully packed machine. Taking only what you need to do the work you need to do eliminates the risk of having your primary business computer compromised.
Do these steps on all devices – laptops, cell phones, tablets, etc. – before you travel:
- Remove unnecessary sensitive data
- Clear your cookies
- Remove saved passwords
- Password protect all devices using strong passwords or multi-factor authenitication
- Backup important data that will travel with you
- Disable remote connectivity such as Bluetooth, wi-fi, and file sharing
While on your trip
If you’re traveling for business, always use your virtual private network, or VPN, which encrypts your communications traffic when you connect from any network, wired or wireless.
While you are traveling, you’ll want to follow these safe computing guidelines:
- Avoid using kiosk computers or public workstations like Internet cafes
- Avoid using any network that requires you to download software to your computer for access
- Remember you have no reasonable expectation of privacy when using your computer in a public place, so use a privacy screen to prevent those nearby from snooping
- Always decline any request from someone else to use your electronic devices
- Always decline to allow others to connect a USB or portable device to your laptop
- Maintain physical possession of your computer and personal electronic devices at all times – do not leave devices unattended in hotel rooms, for example
- Don’t wait until you get home: routinely run checks for viruses and other malicious software during your trip
After you return
The first rule of thumb after you return is to assume that your electronic devices could have been compromised.
Check your computer and other devices for spyware, malware, and viruses before connecting to any campus, business or commercial networks. Never use USB drives or software received as gifts or promotional items until they have been verified clean by your IT service provider.